Wallace Tweden, like many of us, juggles usernames and
passwords for his bank, credit cards and email.

Unlike many of us, Tweden is 74 and thinking ahead.

"I'm at a stage in life where I'm dealing somewhat with the
transition to the next generation," the part-time Portland resident said. "I
hope it's not soon but at least I'm giving it some thought."

That's why Tweden wants to know: How should he get all these
sensitive, don't-show-anyone passwords to his loved ones after he dies?

"This area gives us fits," admits Jeff Thede, an estate-planning
attorney in Portland. And you might be surprised by the answers Thede and
others give.

It's OK, for instance, to store passwords in writing -- in a
very safe place.

And under current law, your heirs – even the "personal
representative" in charge of distributing your belongings after you die – could
be committing a crime using your passwords (Estate-planning lawyers are battling
Internet titans in an effort to change this.)

"It used to be that when someone died,
the personal representative would simply collect mail for a few months to find
out all of the accounts that a person had," said Candice Aiston, an
estate-planning attorney in Portland. "Now, most of those accounts are dealt
with online, and we have new sorts of accounts to take into consideration, like
Facebook and such."

Earlier this month, I wrote about the latest, best password
practices. For email, work and financial accounts, I recommended using separate
passwords with at least 12 randomized characters. Or, use longer but
easier-to-remember passphrases.

I also suggested using a password manager to generate, save
and autofill these many complex passcodes as you browse.

A password manager, indeed, would make life easier for heirs
after you die. Keeper, oneSafe and other password managers I reviewed this
month all lock your online usernames and passwords behind one master password.

That master password is, thus, the only one you need to
remember, protect and somehow make available to heirs.

"If I die, they only need to know one password," Thede said.

It beats having to update an entire list each time a
password changes.

In most cases, you can also store sensitive documents in
password-manager vaults – items heirs would need, such as your will.

If you're not keen on online password managers, it's also OK
to write all your passwords down either on paper or in a computer document or
spreadsheet, as long as you protect and update it in the manner described
above.

Victoria Blachly, an estate-planning attorney with Samuels
Yoelin Kantor in Portland, said one of her clients put his usernames and
passwords on a password-protected memory stick in a safe-deposit box or
fireproof home safe.

"You definitely want to make sure it is secure because it is
the keys to your kingdom," Blachly said.

That means it's important that you choose someone you trust
to have access to your master password or instructions on where to find your
password list.

If you have a will, that person would be its "personal
representative," responsible for distributing your estate according to the
terms of your will.

In the case of Blachly's client, the personal representative
knows the flash drive's password and its location, but has no immediate access
to it.

Password manager LastPass offers to generate one-time-use
passwords. Store one or more in your safe deposit box, the company
says, "and no matter what happens to you, your loved ones can get into your
LastPass vault. Once they do, they can change the master password."
In the meantime, you avoid giving them access to your master password.

Keeper's online FAQs suggest that users can store their
master password under seal with their estate-planning attorney. But Blachly
said her firm won't do this because its malpractice insurance might not cover
theft or misuse. "I would not recommend any attorney have that kind of
information," she said.

Blachly's firm recommends putting all details about your
online accounts in a VAIL – a "Virtual Asset Instruction Letter." The VAIL
might also indicate which email or social media accounts to delete. Put a copy
of the VAIL on a password protected USB drive or CD. Lock both the digital and
hard-copy VAIL in a safe deposit box or safe.

Blachly also recommends updating your Power of Attorney document
to include language specifically allowing your personal representative to
access emails and other electronic data. A Power of Attorney expires when you
die, but if you're incapacitated, it gives a person you've picked ahead of time
the ability to manage your financial affairs.

One option I've not explored: Online afterlife companies. Eterniam
in Seattle, Planned Departure in the U.K. and PasswordBox in Canada pledge to store
and distribute your digital assets.

PasswordBox's Legacy Locker, for instance, will give an
assigned "digital heir" access to the deceased passwords after it receives of a
valid death certificate and proof of the heir's identity.

But Blachly and other legal experts caution that at least
one afterlife company already has gone out of business. I didn't review any of
them, but a glance at PasswordBox's terms of service shows that it tries to
limit the company's liability if the site ever shuts down or suffers a
"security intrusion."

There's another minor issue: An heir or personal
representative using your password to get into your account is, under currently
law, likely committing a cybercrime.

The U.S. Computer Fraud and Abuse Act and various Oregon laws
might prohibit personal representatives from accessing online accounts without
the user's express authorization, Blachly said. The federal Act, created in
1986, makes it unlawful to "intentionally access" a computer without
authorization and then obtain information from it, some legal experts say.

"Is someone going to get prosecuted for it?" Blachly asked. "One
would hope the DAs would have more important things to do. But from a legal
perspective we wanted to take away that argument entirely."

This year, Blachly and other attorneys asked the Oregon
Legislature to change state laws to allow personal representatives and trustees
access and use of digital accounts. But Senate Bill 54 drew opposition from
trade groups representing tech giants such as Google, Facebook and Intel. The
bill got no further than a public hearing. Blachly said they'll try again next
session and push for change on a national level as well.

For now, Tweden will continue to update his list of
passwords and send it to survivors, which happens more often than he'd like.
"It gets to be a challenge," he said. "You almost can't keep up with it."

-- Brent Hunsberger is an Investment Adviser
Representative in Portland. For important disclosures and information about
Brent, visit ORne.ws/aboutbrent. Reach
him by email or
leave a message at 503-683-3098.